On 7/17/19 3:01 AM, Matus Honek wrote:
I think we cannot remove it. Setting the MIN version is a workaround
for *old clients* not even supporting current NSS' default min.
Setting up MAX version is a workaround for *broken clients* thinking
they can support something they announced but for some reason fail to
work with such a version. I believe most of deployments have some
really legacy software of which not a small amount behaves weirdly
enough these two options save lives; I have seen these issues several
times.
Did you see anyone still using SSL3?
On Tue, Jul 16, 2019 at 10:24 PM Mark Reynolds <[email protected]> wrote:
So some time ago when the poodlebleed vulnerability came out in SSL3 we
added a way to set the minimum and maximum SSL/TLS versions the server
would accept (e.g. TLS1.1 <--> TLS1.2). Current versions of NSS
already use this range by default. I would like to remove/deprecate the
sslVersionMin/Max and just use what NSS uses by default (which should be
the system wide crypto policy).
Is anyone actually using sslVersionMin/Max? Do we really have a need
for it anymore?
--
389 Directory Server Development Team
_______________________________________________
389-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
--
389 Directory Server Development Team
_______________________________________________
389-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
